Bug report by Oleg Kravtsov:
In rtems_bdbuf_swapout_processing() function there is the following
lines:
if (bdbuf_cache.sync_active && !transfered_buffers)
{
rtems_id sync_requester;
rtems_bdbuf_lock_cache ();
...
}
Here access to bdbuf_cache.sync_active is not protected with anything.
Imagine the following test case:
1. Task1 releases buffer(s) with bdbuf_release_modified() calls;
2. After a while swapout task starts and flushes all buffers;
3. In the end of that swapout flush we are before that part of code, and
assume there is task switching (just before "if (bdbuf_cache.sync_active
&& !transfered_buffers)");
4. Some other task (with higher priority) does bdbuf_release_modified
and rtems_bdbuf_syncdev().
This task successfully gets both locks sync and pool (in
rtems_bdbuf_syncdev() function), sets sync_active to true and starts
waiting for RTEMS_BDBUF_TRANSFER_SYNC event with only sync lock got.
5. Task switching happens again and we are again before "if
(bdbuf_cache.sync_active && !transfered_buffers)".
As the result we check sync_active and we come inside that "if"
statement.
6. The result is that we send RTEMS_BDBUF_TRANSFER_SYNC event! Though
ALL modified messages of that task are not flushed yet!
close#1485
Ensure that scheduler nodes in the SCHEDULER_HELP_ACTIVE_OWNER or
SCHEDULER_HELP_ACTIVE_RIVAL helping state are always
SCHEDULER_SMP_NODE_READY or SCHEDULER_SMP_NODE_SCHEDULED to ensure the
MrsP protocol properties.
This code is built without warnings and ignored by Coverity Scan.
CodeSonar found a wide range of issues including buffer overruns,
buffer underruns, questionable type conversions, leaks, etc. This
set of patches addresses all reported issues.
CodeSonar flagged this as a case where the user could inject a format
string and cause issues. Since we were not printing anything but a
string, just switching to puts() rather than fprintf(stdout,...) was
sufficient to make this code safer.
CodeSonar flagged this as an empty if body. Upon analysis, it turned
out to be an error that we think should never occur but if it did,
there is nothing we could do about it. It would likely just indicate
the thread was deleted before we got here. Adding the _Assert() at least
will flag this if it ever occurs during a debug build and we can discuss
what happened.
CodeSonar flagged this as a case where the user could inject a format
string and cause issues. Since we were not printing anything but a
string, just switching to puts() rather than fprintf(stdout,...) was
sufficient to make this code safer.
snprintf() places a limit on the length of the output from sprintf()
and avoids similar buffer overrun issues.
These were flagged by CodeSonar. The assignments on variable declaration
are overridden a few lines below and the other line later with name_size
is where name_size was not used after this assignment.
This was flagged by CodeSonar. It should be impossible to get an
incorrect baud number back but ensure this in debug mode. The _Assert()
keeps their scanner from evaluating for divide by 0 past this point.
CodeSonar detects a possible NULL deference here. But it should never
occur in tested code. Memory for the API Mutexes is reserved by confdefs.h
and are all preallocated when the class of objects is initialized.
Allocating a single instance should never fail.
